Vendor import of OpenSSH 3.1

author: des <des@FreeBSD.org> 2002-03-18 09:55:03 +0000
committer: des <des@FreeBSD.org> 2002-03-18 09:55:03 +0000
commit: 2fc4a488978a03338ecc65403597582c77dabeea (patch)
tree: 068818e7abaca45008ac24af9fb4de22815cc0eb /crypto/openssh/ssh-keyscan.c
parent: 8acd87ac472a182ef2d717212f2c0faba81143a5 (diff)
download: FreeBSD-src-2fc4a488978a03338ecc65403597582c77dabeea.zip
FreeBSD-src-2fc4a488978a03338ecc65403597582c77dabeea.tar.gz
1 files changed, 274 insertions, 107 deletions
diff --git a/crypto/openssh/ssh-keyscan.c b/crypto/openssh/ssh-keyscan.c
index dba2d83..5fc5330 100644
--- a/crypto/openssh/ssh-keyscan.c
+++ b/crypto/openssh/ssh-keyscan.c
@@ -3,30 +3,44 @@
  *
  * Modification and redistribution in source and binary forms is
  * permitted provided that due credit is given to the author and the
- * OpenBSD project (for instance by leaving this copyright notice
- * intact).
+ * OpenBSD project by leaving this copyright notice intact.
  */
 
 #include "includes.h"
-RCSID("$OpenBSD: ssh-keyscan.c,v 1.22 2001/03/06 06:11:18 deraadt Exp $");
+RCSID("$OpenBSD: ssh-keyscan.c,v 1.35 2002/03/04 18:30:23 stevesk Exp $");
 
 #include <sys/queue.h>
 #include <errno.h>
 
 #include <openssl/bn.h>
 
+#include <setjmp.h>
 #include "xmalloc.h"
 #include "ssh.h"
 #include "ssh1.h"
 #include "key.h"
+#include "kex.h"
+#include "compat.h"
+#include "myproposal.h"
+#include "packet.h"
+#include "dispatch.h"
 #include "buffer.h"
 #include "bufaux.h"
 #include "log.h"
 #include "atomicio.h"
+#include "misc.h"
 
-static int argno = 1;		/* Number of argument currently being parsed */
+/* Flag indicating whether IPv4 or IPv6.  This can be set on the command line.
+   Default value is AF_UNSPEC means both IPv4 and IPv6. */
+int IPv4or6 = AF_UNSPEC;
 
-int family = AF_UNSPEC;		/* IPv4, IPv6 or both */
+int ssh_port = SSH_DEFAULT_PORT;
+
+#define KT_RSA1	1
+#define KT_DSA	2
+#define KT_RSA	4
+
+int get_keytypes = KT_RSA1;	/* Get only RSA1 keys by default */
 
 #define MAXMAXFD 256
 
@@ -40,6 +54,9 @@ extern char *__progname;
 fd_set *read_wait;
 size_t read_wait_size;
 int ncon;
+int nonfatal_fatal = 0;
+jmp_buf kexjmp;
+Key *kexjmp_key;
 
 /*
  * Keep a connection structure for each file descriptor.  The state
@@ -55,11 +72,13 @@ typedef struct Connection {
 	int c_plen;		/* Packet length field for ssh packet */
 	int c_len;		/* Total bytes which must be read. */
 	int c_off;		/* Length of data read so far. */
+	int c_keytype;		/* Only one of KT_RSA1, KT_DSA, or KT_RSA */
 	char *c_namebase;	/* Address to free for c_name and c_namelist */
 	char *c_name;		/* Hostname of connection for errors */
 	char *c_namelist;	/* Pointer to other possible addresses */
 	char *c_output_name;	/* Hostname of connection for output */
 	char *c_data;		/* Data read from this fd */
+	Kex *c_kex;		/* The key-exchange struct for ssh2 */
 	struct timeval c_tv;	/* Time at which connection gets aborted */
 	TAILQ_ENTRY(Connection) c_link;	/* List of connections in timeout order. */
 } con;
@@ -83,7 +102,7 @@ typedef struct {
 	void (*errfun) (const char *,...);
 } Linebuf;
 
-Linebuf *
+static Linebuf *
 Linebuf_alloc(const char *filename, void (*errfun) (const char *,...))
 {
 	Linebuf *lb;
@@ -117,7 +136,7 @@ Linebuf_alloc(const char *filename, void (*errfun) (const char *,...))
 	return (lb);
 }
 
-void
+static void
 Linebuf_free(Linebuf * lb)
 {
 	fclose(lb->stream);
@@ -125,7 +144,8 @@ Linebuf_free(Linebuf * lb)
 	xfree(lb);
 }
 
-void
+#if 0
+static void
 Linebuf_restart(Linebuf * lb)
 {
 	clearerr(lb->stream);
@@ -133,13 +153,14 @@ Linebuf_restart(Linebuf * lb)
 	lb->lineno = 0;
 }
 
-int
+static int
 Linebuf_lineno(Linebuf * lb)
 {
 	return (lb->lineno);
 }
+#endif
 
-char *
+static char *
 Linebuf_getline(Linebuf * lb)
 {
 	int n = 0;
@@ -176,7 +197,7 @@ Linebuf_getline(Linebuf * lb)
 	}
 }
 
-int
+static int
 fdlim_get(int hard)
 {
 	struct rlimit rlfd;
@@ -189,7 +210,7 @@ fdlim_get(int hard)
 		return hard ? rlfd.rlim_max : rlfd.rlim_cur;
 }
 
-int
+static int
 fdlim_set(int lim)
 {
 	struct rlimit rlfd;
@@ -208,7 +229,7 @@ fdlim_set(int lim)
  * separators.  This is the same as the 4.4BSD strsep, but different from the
  * one in the GNU libc.
  */
-char *
+static char *
 xstrsep(char **str, const char *delim)
 {
 	char *s, *e;
@@ -230,7 +251,7 @@ xstrsep(char **str, const char *delim)
  * Get the next non-null token (like GNU strsep).  Strsep() will return a
  * null token for two adjacent separators, so we may have to loop.
  */
-char *
+static char *
 strnnsep(char **stringp, char *delim)
 {
 	char *tok;
@@ -241,8 +262,8 @@ strnnsep(char **stringp, char *delim)
 	return (tok);
 }
 
-void
-keyprint(char *host, char *output_name, char *kd, int len)
+static Key *
+keygrab_ssh1(con *c)
 {
 	static Key *rsa;
 	static Buffer msg;
@@ -251,12 +272,12 @@ keyprint(char *host, char *output_name, char *kd, int len)
 		buffer_init(&msg);
 		rsa = key_new(KEY_RSA1);
 	}
-	buffer_append(&msg, kd, len);
-	buffer_consume(&msg, 8 - (len & 7));	/* padding */
+	buffer_append(&msg, c->c_data, c->c_plen);
+	buffer_consume(&msg, 8 - (c->c_plen & 7));	/* padding */
 	if (buffer_get_char(&msg) != (int) SSH_SMSG_PUBLIC_KEY) {
-		error("%s: invalid packet type", host);
+		error("%s: invalid packet type", c->c_name);
 		buffer_clear(&msg);
-		return;
+		return NULL;
 	}
 	buffer_consume(&msg, 8);		/* cookie */
 
@@ -269,23 +290,82 @@ keyprint(char *host, char *output_name, char *kd, int len)
 	(void) buffer_get_int(&msg);
 	buffer_get_bignum(&msg, rsa->rsa->e);
 	buffer_get_bignum(&msg, rsa->rsa->n);
+
 	buffer_clear(&msg);
 
-	fprintf(stdout, "%s ", output_name ? output_name : host);
-	key_write(rsa, stdout);
+	return (rsa);
+}
+
+static int
+hostjump(Key *hostkey)
+{
+	kexjmp_key = hostkey;
+	longjmp(kexjmp, 1);
+}
+
+static int
+ssh2_capable(int remote_major, int remote_minor)
+{
+	switch (remote_major) {
+	case 1:
+		if (remote_minor == 99)
+			return 1;
+		break;
+	case 2:
+		return 1;
+	default:
+		break;
+	}
+	return 0;
+}
+
+static Key *
+keygrab_ssh2(con *c)
+{
+	int j;
+
+	packet_set_connection(c->c_fd, c->c_fd);
+	enable_compat20();
+	myproposal[PROPOSAL_SERVER_HOST_KEY_ALGS] = c->c_keytype == KT_DSA?
+	    "ssh-dss": "ssh-rsa";
+	c->c_kex = kex_setup(myproposal);
+	c->c_kex->verify_host_key = hostjump;
+
+	if (!(j = setjmp(kexjmp))) {
+		nonfatal_fatal = 1;
+		dispatch_run(DISPATCH_BLOCK, &c->c_kex->done, c->c_kex);
+		fprintf(stderr, "Impossible! dispatch_run() returned!\n");
+		exit(1);
+	}
+	nonfatal_fatal = 0;
+	xfree(c->c_kex);
+	c->c_kex = NULL;
+	packet_close();
+
+	return j < 0? NULL : kexjmp_key;
+}
+
+static void
+keyprint(con *c, Key *key)
+{
+	if (!key)
+		return;
+
+	fprintf(stdout, "%s ", c->c_output_name ? c->c_output_name : c->c_name);
+	key_write(key, stdout);
 	fputs("\n", stdout);
 }
 
-int
+static int
 tcpconnect(char *host)
 {
 	struct addrinfo hints, *ai, *aitop;
 	char strport[NI_MAXSERV];
 	int gaierr, s = -1;
 
-	snprintf(strport, sizeof strport, "%d", SSH_DEFAULT_PORT);
+	snprintf(strport, sizeof strport, "%d", ssh_port);
 	memset(&hints, 0, sizeof(hints));
-	hints.ai_family = family;
+	hints.ai_family = IPv4or6;
 	hints.ai_socktype = SOCK_STREAM;
 	if ((gaierr = getaddrinfo(host, strport, &hints, &aitop)) != 0)
 		fatal("getaddrinfo %s: %s", host, gai_strerror(gaierr));
@@ -309,8 +389,8 @@ tcpconnect(char *host)
 	return s;
 }
 
-int
-conalloc(char *iname, char *oname)
+static int
+conalloc(char *iname, char *oname, int keytype)
 {
 	int s;
 	char *namebase, *name, *namelist;
@@ -339,6 +419,7 @@ conalloc(char *iname, char *oname)
 	fdcon[s].c_data = (char *) &fdcon[s].c_plen;
 	fdcon[s].c_len = 4;
 	fdcon[s].c_off = 0;
+	fdcon[s].c_keytype = keytype;
 	gettimeofday(&fdcon[s].c_tv, NULL);
 	fdcon[s].c_tv.tv_sec += timeout;
 	TAILQ_INSERT_TAIL(&tq, &fdcon[s], c_link);
@@ -347,7 +428,7 @@ conalloc(char *iname, char *oname)
 	return (s);
 }
 
-void
+static void
 confree(int s)
 {
 	if (s >= maxfd || fdcon[s].c_status == CS_UNUSED)
@@ -358,12 +439,13 @@ confree(int s)
 	if (fdcon[s].c_status == CS_KEYS)
 		xfree(fdcon[s].c_data);
 	fdcon[s].c_status = CS_UNUSED;
+	fdcon[s].c_keytype = 0;
 	TAILQ_REMOVE(&tq, &fdcon[s], c_link);
 	FD_CLR(s, read_wait);
 	ncon--;
 }
 
-void
+static void
 contouch(int s)
 {
 	TAILQ_REMOVE(&tq, &fdcon[s], c_link);
@@ -372,58 +454,85 @@ contouch(int s)
 	TAILQ_INSERT_TAIL(&tq, &fdcon[s], c_link);
 }
 
-int
+static int
 conrecycle(int s)
 {
 	int ret;
 	con *c = &fdcon[s];
-	char *iname, *oname;
 
-	iname = xstrdup(c->c_namelist);
-	oname = xstrdup(c->c_output_name);
+	ret = conalloc(c->c_namelist, c->c_output_name, c->c_keytype);
 	confree(s);
-	ret = conalloc(iname, oname);
-	xfree(iname);
-	xfree(oname);
 	return (ret);
 }
 
-void
+static void
 congreet(int s)
 {
-	char buf[80], *cp;
+	char buf[256], *cp;
+	char remote_version[sizeof buf];
 	size_t bufsiz;
-	int n = 0;
+	int remote_major, remote_minor, n = 0;
 	con *c = &fdcon[s];
 
 	bufsiz = sizeof(buf);
 	cp = buf;
-	while (bufsiz-- && (n = read(s, cp, 1)) == 1 && *cp != '\n' && *cp != '\r')
+	while (bufsiz-- && (n = read(s, cp, 1)) == 1 && *cp != '\n') {
+		if (*cp == '\r')
+			*cp = '\n';
 		cp++;
+	}
 	if (n < 0) {
 		if (errno != ECONNREFUSED)
 			error("read (%s): %s", c->c_name, strerror(errno));
 		conrecycle(s);
 		return;
 	}
+	if (n == 0) {
+		error("%s: Connection closed by remote host", c->c_name);
+		conrecycle(s);
+		return;
+	}
 	if (*cp != '\n' && *cp != '\r') {
 		error("%s: bad greeting", c->c_name);
 		confree(s);
 		return;
 	}
 	*cp = '\0';
-	fprintf(stderr, "# %s %s\n", c->c_name, buf);
-	n = snprintf(buf, sizeof buf, "SSH-1.5-OpenSSH-keyscan\r\n");
+	if (sscanf(buf, "SSH-%d.%d-%[^\n]\n",
+	    &remote_major, &remote_minor, remote_version) == 3)
+		compat_datafellows(remote_version);
+	else
+		datafellows = 0;
+	if (c->c_keytype != KT_RSA1) {
+		if (!ssh2_capable(remote_major, remote_minor)) {
+			debug("%s doesn't support ssh2", c->c_name);
+			confree(s);
+			return;
+		}
+	} else if (remote_major != 1) {
+		debug("%s doesn't support ssh1", c->c_name);
+		confree(s);
+		return;
+	}
+	fprintf(stderr, "# %s %s\n", c->c_name, chop(buf));
+	n = snprintf(buf, sizeof buf, "SSH-%d.%d-OpenSSH-keyscan\r\n",
+	    c->c_keytype == KT_RSA1? PROTOCOL_MAJOR_1 : PROTOCOL_MAJOR_2,
+	    c->c_keytype == KT_RSA1? PROTOCOL_MINOR_1 : PROTOCOL_MINOR_2);
 	if (atomicio(write, s, buf, n) != n) {
 		error("write (%s): %s", c->c_name, strerror(errno));
 		confree(s);
 		return;
 	}
+	if (c->c_keytype != KT_RSA1) {
+		keyprint(c, keygrab_ssh2(c));
+		confree(s);
+		return;
+	}
 	c->c_status = CS_SIZE;
 	contouch(s);
 }
 
-void
+static void
 conread(int s)
 {
 	int n;
@@ -451,7 +560,7 @@ conread(int s)
 			c->c_status = CS_KEYS;
 			break;
 		case CS_KEYS:
-			keyprint(c->c_name, c->c_output_name, c->c_data, c->c_plen);
+			keyprint(c, keygrab_ssh1(c));
 			confree(s);
 			return;
 			break;
@@ -463,7 +572,7 @@ conread(int s)
 	contouch(s);
 }
 
-void
+static void
 conloop(void)
 {
 	fd_set *r, *e;
@@ -515,81 +624,133 @@ conloop(void)
 	}
 }
 
-char *
-nexthost(int argc, char **argv)
+static void
+do_host(char *host)
 {
-	static Linebuf *lb;
+	char *name = strnnsep(&host, " \t\n");
+	int j;
 
-	for (;;) {
-		if (!lb) {
-			if (argno >= argc)
-				return (NULL);
-			if (argv[argno][0] != '-')
-				return (argv[argno++]);
-			if (!strcmp(argv[argno], "--")) {
-				if (++argno >= argc)
-					return (NULL);
-				return (argv[argno++]);
-			} else if (!strncmp(argv[argno], "-f", 2)) {
-				char *fname;
-
-				if (argv[argno][2])
-					fname = &argv[argno++][2];
-				else if (++argno >= argc) {
-					error("missing filename for `-f'");
-					return (NULL);
-				} else
-					fname = argv[argno++];
-				if (!strcmp(fname, "-"))
-					fname = NULL;
-				lb = Linebuf_alloc(fname, error);
-			} else
-				error("ignoring invalid/misplaced option `%s'",
-				    argv[argno++]);
-		} else {
-			char *line;
-
-			line = Linebuf_getline(lb);
-			if (line)
-				return (line);
-			Linebuf_free(lb);
-			lb = NULL;
+	if (name == NULL)
+		return;
+	for (j = KT_RSA1; j <= KT_RSA; j *= 2) {
+		if (get_keytypes & j) {
+			while (ncon >= MAXCON)
+				conloop();
+			conalloc(name, *host ? host : name, j);
 		}
 	}
 }
 
 void
+fatal(const char *fmt,...)
+{
+	va_list args;
+	va_start(args, fmt);
+	do_log(SYSLOG_LEVEL_FATAL, fmt, args);
+	va_end(args);
+	if (nonfatal_fatal)
+		longjmp(kexjmp, -1);
+	else
+		fatal_cleanup();
+}
+
+static void
 usage(void)
 {
-	fatal("usage: %s [-t timeout] { [--] host | -f file } ...", __progname);
-	return;
+	fprintf(stderr, "Usage: %s [options] host ...\n",
+	    __progname);
+	fprintf(stderr, "Options:\n");
+	fprintf(stderr, "  -f file     Read hosts or addresses from file.\n");
+	fprintf(stderr, "  -p port     Connect to the specified port.\n");
+	fprintf(stderr, "  -t keytype  Specify the host key type.\n");
+	fprintf(stderr, "  -T timeout  Set connection timeout.\n");
+	fprintf(stderr, "  -v          Verbose; display verbose debugging messages.\n");
+	fprintf(stderr, "  -4          Use IPv4 only.\n");
+	fprintf(stderr, "  -6          Use IPv6 only.\n");
+	exit(1);
 }
 
 int
 main(int argc, char **argv)
 {
-	char *host = NULL;
+	int debug_flag = 0, log_level = SYSLOG_LEVEL_INFO;
+	int opt, fopt_count = 0;
+	char *tname;
+
+	extern int optind;
+	extern char *optarg;
 
 	TAILQ_INIT(&tq);
 
-	if (argc <= argno)
+	if (argc <= 1)
 		usage();
 
-	if (argv[1][0] == '-' && argv[1][1] == 't') {
-		argno++;
-		if (argv[1][2])
-			timeout = atoi(&argv[1][2]);
-		else {
-			if (argno >= argc)
+	while ((opt = getopt(argc, argv, "v46p:T:t:f:")) != -1) {
+		switch (opt) {
+		case 'p':
+			ssh_port = a2port(optarg);
+			if (ssh_port == 0) {
+				fprintf(stderr, "Bad port '%s'\n", optarg);
+				exit(1);
+			}
+			break;
+		case 'T':
+			timeout = atoi(optarg);
+			if (timeout <= 0)
 				usage();
-			timeout = atoi(argv[argno++]);
-		}
-		if (timeout <= 0)
+			break;
+		case 'v':
+			if (!debug_flag) {
+				debug_flag = 1;
+				log_level = SYSLOG_LEVEL_DEBUG1;
+			}
+			else if (log_level < SYSLOG_LEVEL_DEBUG3)
+				log_level++;
+			else
+				fatal("Too high debugging level.");
+			break;
+		case 'f':
+			if (strcmp(optarg, "-") == 0)
+				optarg = NULL;
+			argv[fopt_count++] = optarg;
+			break;
+		case 't':
+			get_keytypes = 0;
+			tname = strtok(optarg, ",");
+			while (tname) {
+				int type = key_type_from_name(tname);
+				switch (type) {
+				case KEY_RSA1:
+					get_keytypes |= KT_RSA1;
+					break;
+				case KEY_DSA:
+					get_keytypes |= KT_DSA;
+					break;
+				case KEY_RSA:
+					get_keytypes |= KT_RSA;
+					break;
+				case KEY_UNSPEC:
+					fatal("unknown key type %s", tname);
+				}
+				tname = strtok(NULL, ",");
+			}
+			break;
+		case '4':
+			IPv4or6 = AF_INET;
+			break;
+		case '6':
+			IPv4or6 = AF_INET6;
+			break;
+		case '?':
+		default:
 			usage();
+		}
 	}
-	if (argc <= argno)
+	if (optind == argc && !fopt_count)
 		usage();
 
+	log_init("ssh-keyscan", log_level, SYSLOG_FACILITY_USER, 1);
+
 	maxfd = fdlim_get(1);
 	if (maxfd < 0)
 		fatal("%s: fdlim_get: bad value", __progname);
@@ -606,18 +767,24 @@ main(int argc, char **argv)
 	read_wait = xmalloc(read_wait_size);
 	memset(read_wait, 0, read_wait_size);
 
-	do {
-		while (ncon < MAXCON) {
-			char *name;
-
-			host = nexthost(argc, argv);
-			if (host == NULL)
-				break;
-			name = strnnsep(&host, " \t\n");
-			conalloc(name, *host ? host : name);
+	if (fopt_count) {
+		Linebuf *lb;
+		char *line;
+		int j;
+
+		for (j = 0; j < fopt_count; j++) {
+			lb = Linebuf_alloc(argv[j], error);
+			if (!lb)
+				continue;
+			while ((line = Linebuf_getline(lb)) != NULL)
+				do_host(line);
+			Linebuf_free(lb);
 		}
-		conloop();
-	} while (host);
+	}
+
+	while (optind < argc)
+		do_host(argv[optind++]);
+
 	while (ncon > 0)
 		conloop();
author	des <des@FreeBSD.org>	2002-03-18 09:55:03 +0000
committer	des <des@FreeBSD.org>	2002-03-18 09:55:03 +0000
commit	2fc4a488978a03338ecc65403597582c77dabeea (patch)
tree	068818e7abaca45008ac24af9fb4de22815cc0eb /crypto/openssh/ssh-keyscan.c
parent	8acd87ac472a182ef2d717212f2c0faba81143a5 (diff)
download	FreeBSD-src-2fc4a488978a03338ecc65403597582c77dabeea.zip FreeBSD-src-2fc4a488978a03338ecc65403597582c77dabeea.tar.gz